Cross-Privilege Vulnerability in Intel Systems Affecting Linux Kernel Memory
CVE-2024-2201

Currently unrated

Key Information:

Vendor

Xen Project
Status
Xen
Vendor
CVE Published:
19 December 2024

Badges

đź“° News Worthy

What is CVE-2024-2201?

CVE-2024-2201 represents a significant cross-privilege vulnerability categorized under the Spectre v2 classification, impacting Intel systems. This flaw enables attackers to circumvent all existing mitigations, including the recently implemented Fine-grained Indirect Branch Tracking (IBT). As a result, unauthorized entities can potentially leak arbitrary Linux kernel memory, posing an extensive threat to system integrity and security. Organizations using the affected versions of the Linux Kernel must prioritize patching to safeguard against this critical risk.

Affected Version(s)

Xen See advisory "x86: Native Branch History Injection"

News Articles

References

https://www.kb.cert.org/vuls/id/155143
https://github.com/vusec/inspectre-gadget?tab=readme-ov-file
http://www.openwall.com/lists/oss-security/2024/04/09/15

Timeline

  • Vulnerability published

  • đź“°

    First article discovered by BleepingComputer

  • Vulnerability Reserved

.